17 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-16667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of...
Mageia: Security Advisory (MGASA-2018-0059)
The remote host is missing an update for the...
CVE-2020-16667
CVE-2020-16667 is rejected/not used and does not represent an active vulnerability entry.
pfSense 2.4.4-p3 Cross Site Request Forgery
Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...
CVE-2019-16667
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...
CVE-2019-16667
pfSense 2.4.4-p3 is affected by a Cross‑Site Request Forgery vulnerability in diag_command.php. The issue allows CSRF via the txtCommand or txtRecallBuffer fields, with evidence describing exploitation as OS commands being executed due to csrf_callback() returning a “CSRF token expired” error and...
CVE-2018-16667
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union...
CVE-2018-16667
Contiki-NG up to 4.1 contains a buffer over-read in lookup within os/storage/antelope/lvm.c when parsing AQL (functions lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Public references describe this as a Contiki-NG 4.1 vulnerability that can lead to a denial of...
Fedora 27 : backintime (2017-898a922aff)
Update to fix CVE-2017-16667. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Updated backintime packages fix security vulnerability
backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...
openSUSE Security Update : backintime (openSUSE-2017-1309)
This update for backintime fixes the following issues: Security issue fixed: CVE-2017-16667: Fixed shell injection in notify-send (boo#1067342). The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
Fedora Update for backintime FEDORA-2017-8016cc0bd0
The remote host is missing an update for the...
Fedora 25 : backintime (2017-8016cc0bd0)
Update to fix CVE-2017-16667. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora Update for sagemath FEDORA-2014-16667
Check the version of sagemath...